İlgili Başlık;
http://www.phpbb2.de/viewtopic.php?t=32489
We have recieved a security report about a vulnerability in the IFrame BBCode [web][/web] used in the phpBB Plus 1.5.x BBCode Box. Due to this it is possible to execute Scripts during a logged in User-Session. Then an attacker has the possibility to run bad Scripts or Links with your Account. It is also possible to do Phishing with this leck (Redirects into the IFrame). Since there is no 100% Bugfix for this hole we have decided to remove the [web] BBCode completely out of phpBB2 Plus 1.5x. To be secure again you must also remove this BBCode immediately from your Forum now:
This are the Codechanges:
- Kod: Tümünü seç
#
#-----[ OPEN ]------------------------------------------
#
bbcode_box/add_bbcode.js
#
#-----[ FIND AND DELETE]------------------------------------------
#
web_help="Insert Web Page into the post : [web]Page URL[/web]";
#
#-----[ FIND AND DELETE]------------------------------------------
#
var web = 0;
#
#-----[ FIND AND DELETE]------------------------------------------
#
function BBCweb() {
var FoundErrors = '';
var enterURL = prompt("Please enter page URL","http://");
if (!enterURL) {
FoundErrors += "You didn't write the page URL";
}
if (FoundErrors) {
alert("Error :"+FoundErrors);
return;
}
var ToAdd = "[web]"+enterURL+"[/web]";
document.post.message.value+=ToAdd;
document.post.message.focus();
}
#
#-----[ OPEN ]------------------------------------------
#
includes/bbcode.php
#
#-----[ FIND AND DELETE]------------------------------------------
#
$bbcode_tpl['web'] = str_replace('{URL}', '\\1', $bbcode_tpl['web']);
#
#-----[ FIND AND DELETE]------------------------------------------
#
//web
$patterns[] = "#\[web:$uid\](.*?)\[/web:$uid\]#si";
$replacements[] = $bbcode_tpl['web'];
#
#-----[ FIND AND DELETE]------------------------------------------
#
// [web]and[/web]
$text = preg_replace("#\[web\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/web\]#si", "[web:$uid]\\1\\3[/web:$uid]", $text);
#
#-----[ OPEN ]------------------------------------------
#
templates/fisubsilversh/bbcode.tpl
#
#-----[ FIND AND DELETE]------------------------------------------
#
<!-- BEGIN web --><iframe width="100%" height="350" src="{URL}"></iframe><!-- END web -->
#
#-----[ OPEN ]------------------------------------------
#
templates/fisubsilversh/posting_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<img border="0" src="bbcode_box/images/url.gif" width="24" height="20" name="url" type="image" onClick="BBCurl()" onMouseOver="helpline('url')" style="border-style: outset; border-width: 1" alt="URL"><img border="0" src="bbcode_box/images/email.gif" width="24" height="20" name="email" type="image" onClick="BBCmail()" onMouseOver="helpline('mail')" style="border-style: outset; border-width: 1" alt="Email"><img border="0" src="bbcode_box/images/web.gif" width="24" height="20" name="web" type="image" onClick="BBCweb()" onMouseOver="helpline('web')" style="border-style: outset; border-width: 1" alt="Wep Page">
#
#-----[ REPLACE WITH ]------------------------------------------
#
<img border="0" src="bbcode_box/images/url.gif" width="24" height="20" name="url" type="image" onClick="BBCurl()" onMouseOver="helpline('url')" style="border-style: outset; border-width: 1" alt="URL"><img border="0" src="bbcode_box/images/email.gif" width="24" height="20" name="email" type="image" onClick="BBCmail()" onMouseOver="helpline('mail')" style="border-style: outset; border-width: 1" alt="Email">
